WP-Safety

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Security & Risk Analysis

wordpress.org/plugins/wpvivid-imgoptim

Optimize, compress and resize images in WordPress in bulk. Lazy load images. Auto resize and optimize images upon upload.

10K active installs v0.9.24 PHP 5.3+ WP 5.1+ Updated Sep 23, 2025
compress-imageslazy-load-imagesoptimize-imagesreduce-image-sizeresize-images
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Compress, Resize & Lazy Load Images – WPvivid Image Optimization Safe to Use in 2026?

Generally Safe

Score 100/100

Compress, Resize & Lazy Load Images – WPvivid Image Optimization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The wpvivid-imgoptim plugin, version 0.9.24, demonstrates a generally good security posture with strong adherence to best practices like using prepared statements for all SQL queries and a high percentage of properly escaped outputs. The plugin also implements a substantial number of nonce and capability checks, indicating a thoughtful approach to securing its functionalities. Furthermore, its history of zero known vulnerabilities suggests a commitment to security over time.

However, the analysis does reveal some areas of concern that warrant attention. A significant attack surface is exposed through 27 AJAX handlers, with three of these lacking any authentication checks. This is a notable risk as these unprotected endpoints could be exploited by unauthenticated users. Additionally, the presence of two instances of the `create_function` and `unserialize` dangerous functions, while not immediately tied to exploitable flows in the taint analysis, represent potential areas for future vulnerability if not handled with extreme caution, especially `unserialize` which can lead to code execution if used with untrusted data. The taint analysis, though limited in scope (9 flows), identified two flows with unsanitized paths, which, despite being classified as non-critical, still indicate potential for unintended file access or manipulation.

In conclusion, wpvivid-imgoptim is a plugin with a solid foundation of secure coding practices and a clean vulnerability history. The primary risks stem from the unprotected AJAX endpoints and the presence of potentially dangerous functions. Addressing these specific issues would further enhance the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Presence of dangerous function: unserialize
  • Presence of dangerous function: create_function
  • Flows with unsanitized paths
Vulnerabilities
None known

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
2 prepared
Unescaped Output
70
323 escaped
Nonce Checks
26
Capability Checks
27
File Operations
92
External Requests
6
Bundled Libraries
0

Dangerous Functions Found

create_functionreturn create_function('$_action, &$self, $_text', $init_crypt . 'if ($_action == "encrypt") { ' . $includes\Crypt\Base.php:2558
unserializeextract(unserialize($partial));includes\Crypt\RSA.php:657

SQL Query Safety

100% prepared2 total queries

Output Escaping

82% escaped393 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

9 flows2 with unsanitized paths
opt_single_image (includes\class-wpvivid-imgoptim.php:917)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Attack Surface

Entry Points27
Unprotected3

AJAX Handlers 27

authwp_ajax_wpvivid_restore_single_imageincludes\class-wpvivid-imgoptim.php:562
authwp_ajax_wpvivid_opt_single_imageincludes\class-wpvivid-imgoptim.php:563
authwp_ajax_wpvivid_get_opt_single_image_progressincludes\class-wpvivid-imgoptim.php:564
authwp_ajax_wpvivid_set_optimization_settingsincludes\class-wpvivid-imgoptim.php:565
authwp_ajax_wpvivid_cdn_saveincludes\display\class-wpvivid-cdn-display.php:17
authwp_ajax_wpvivid_get_opt_progressincludes\display\class-wpvivid-imgoptim-display.php:429
authwp_ajax_wpvivid_get_server_statusincludes\display\class-wpvivid-imgoptim-display.php:430
authwp_ajax_wpvivid_view_optimize_log_exincludes\display\class-wpvivid-imgoptim-display.php:431
authwp_ajax_wpvivid_empty_optimize_logincludes\display\class-wpvivid-imgoptim-display.php:432
authwp_ajax_wpvivid_open_progressing_optimize_logincludes\display\class-wpvivid-imgoptim-display.php:433
authwp_ajax_wpvivid_get_opt_listincludes\display\class-wpvivid-imgoptim-display.php:435
authwp_ajax_wpvivid_init_opt_taskincludes\display\class-wpvivid-imgoptim-display.php:437
authwp_ajax_wpvivid_start_opt_taskincludes\display\class-wpvivid-imgoptim-display.php:438
authwp_ajax_wpvivid_cancel_opt_taskincludes\display\class-wpvivid-imgoptim-display.php:439
authwp_ajax_wpvivid_opt_imageincludes\display\class-wpvivid-imgoptim-display.php:440
authwp_ajax_wpvivid_restore_selected_opt_imageincludes\display\class-wpvivid-imgoptim-display.php:441
authwp_ajax_wpvivid_restore_all_opt_imageincludes\display\class-wpvivid-imgoptim-display.php:442
authwp_ajax_wpvivid_start_get_overviewincludes\display\class-wpvivid-imgoptim-display.php:444
authwp_ajax_wpvivid_get_overviewincludes\display\class-wpvivid-imgoptim-display.php:445
authwp_ajax_wpvivid_imgoptim_loginincludes\display\class-wpvivid-imgoptim-license-display.php:14
authwp_ajax_wpvivid_imgoptim_check_updateincludes\display\class-wpvivid-imgoptim-license-display.php:15
authwp_ajax_wpvivid_imgoptim_updateincludes\display\class-wpvivid-imgoptim-license-display.php:16
authwp_ajax_wpvivid_sign_upincludes\display\class-wpvivid-imgoptim-license-display.php:20
authwp_ajax_wpvivid_remove_siteincludes\display\class-wpvivid-imgoptim-license-display.php:22
authwp_ajax_wpvivid_set_general_image_optimize_settingincludes\display\class-wpvivid-imgoptim-setting.php:15
authwp_ajax_wpvivid_delete_all_images_backupincludes\display\class-wpvivid-imgoptim-setting.php:18
authwp_ajax_wpvivid_lazyload_saveincludes\display\class-wpvivid-lazy-load-display.php:15
WordPress Hooks 39
actiontemplate_redirectincludes\cdn\class-wpvivid-cdn.php:18
filterthe_contentincludes\cdn\class-wpvivid-cdn.php:19
actionsend_headersincludes\cdn\class-wpvivid-cdn.php:21
filtermanage_media_columnsincludes\class-wpvivid-imgoptim.php:17
actionmanage_media_custom_columnincludes\class-wpvivid-imgoptim.php:18
actiondelete_attachmentincludes\class-wpvivid-imgoptim.php:20
filterwpvivid_get_admin_urlincludes\class-wpvivid-imgoptim.php:22
actionadmin_enqueue_scriptsincludes\class-wpvivid-imgoptim.php:24
actionattachment_submitbox_misc_actionsincludes\class-wpvivid-imgoptim.php:26
filterattachment_fields_to_editincludes\class-wpvivid-imgoptim.php:27
filterwpvivid_is_image_optimizedincludes\class-wpvivid-imgoptim.php:29
filterwpvivid_imgoptim_og_skip_fileincludes\class-wpvivid-imgoptim.php:32
filterwpvivid_imgoptim_skip_fileincludes\class-wpvivid-imgoptim.php:33
filterwpvivid_imgoptim_opt_skip_fileincludes\class-wpvivid-imgoptim.php:34
filterwpvivid_imgoptim_get_admin_menusincludes\display\class-wpvivid-cdn-display.php:14
filterwpvivid_imgoptim_get_screen_idsincludes\display\class-wpvivid-cdn-display.php:15
filterwpvivid_imgoptim_get_screen_idsincludes\display\class-wpvivid-imgoptim-display.php:409
actionadmin_enqueue_scriptsincludes\display\class-wpvivid-imgoptim-display.php:411
actionadmin_enqueue_scriptsincludes\display\class-wpvivid-imgoptim-display.php:412
actionnetwork_admin_menuincludes\display\class-wpvivid-imgoptim-display.php:416
actionadmin_menuincludes\display\class-wpvivid-imgoptim-display.php:420
filterwpvivid_imgoptim_get_admin_menusincludes\display\class-wpvivid-imgoptim-display.php:423
filterwpvivid_imgoptim_get_admin_menusincludes\display\class-wpvivid-imgoptim-license-display.php:11
filterwpvivid_imgoptim_get_screen_idsincludes\display\class-wpvivid-imgoptim-license-display.php:12
actionwpvivivd_image_optimization_license_boxincludes\display\class-wpvivid-imgoptim-license-display.php:18
filterwpvivid_imgoptim_get_screen_idsincludes\display\class-wpvivid-imgoptim-setting.php:14
filterwpvivid_imgoptim_get_admin_menusincludes\display\class-wpvivid-imgoptim-setting.php:16
filterwpvivid_imgoptim_get_admin_menusincludes\display\class-wpvivid-lazy-load-display.php:12
filterwpvivid_imgoptim_get_screen_idsincludes\display\class-wpvivid-lazy-load-display.php:13
filterwp_lazy_loading_enabledincludes\lazyload\class-wpvivid-lazy-load.php:19
actionwp_headincludes\lazyload\class-wpvivid-lazy-load.php:20
actionwp_enqueue_scriptsincludes\lazyload\class-wpvivid-lazy-load.php:21
actiontemplate_redirectincludes\lazyload\class-wpvivid-lazy-load.php:22
filterthe_contentincludes\lazyload\class-wpvivid-lazy-load.php:25
filterpost_thumbnail_htmlincludes\lazyload\class-wpvivid-lazy-load.php:29
actionadd_attachmentincludes\optimize\class-wpvivid-image-auto-optimization.php:16
filterwp_generate_attachment_metadataincludes\optimize\class-wpvivid-image-auto-optimization.php:17
filterwp_update_attachment_metadataincludes\optimize\class-wpvivid-image-auto-optimization.php:18
filterwpvivid_allowed_image_auto_optimizationincludes\optimize\class-wpvivid-image-auto-optimization.php:20
Maintenance & Trust

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 23, 2025
PHP min version5.3
Downloads197K

Community Trust

Rating86/100
Number of ratings7
Active installs10K
Alternatives

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Alternatives

Cut down uploads size

Cut down uploads size

cut-down-uploads-size

A
100

The “Cut down uploads size” plugin allows you to optimize all the images from your “uploads” folder.

0 No CVEs
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF

imagify

A
100

Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!

1.0M No CVEs
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN

wp-smushit

A
93

Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.

1.0M 6 CVEs
Converter for Media – Optimize images | Convert WebP & AVIF

Converter for Media – Optimize images | Convert WebP & AVIF

webp-converter-for-media

A
93

Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!

500K 4 CVEs
ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF

shortpixel-image-optimiser

A
95

Optimize images & PDFs smartly. Create and compress next-gen WebP and AVIF formats. Smart crop and resize.

300K 6 CVEs
Developer Profile

Compress, Resize & Lazy Load Images – WPvivid Image Optimization Developer Profile

wpvividplugins

4 plugins · 921K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
332 days
View full developer profile
Detection Fingerprints

How We Detect Compress, Resize & Lazy Load Images – WPvivid Image Optimization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpvivid-imgoptim/admin/css/wpvivid-imgoptim.css/wp-content/plugins/wpvivid-imgoptim/admin/css/wpvivid-imgoptim-pro.css/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim.js/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim-pro.js/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim-common.js
Script Paths
/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim.js/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim-pro.js/wp-content/plugins/wpvivid-imgoptim/admin/js/wpvivid-imgoptim-common.js
Version Parameters
wpvivid-imgoptim/admin/css/wpvivid-imgoptim.css?ver=wpvivid-imgoptim/admin/css/wpvivid-imgoptim-pro.css?ver=wpvivid-imgoptim/admin/js/wpvivid-imgoptim.js?ver=wpvivid-imgoptim/admin/js/wpvivid-imgoptim-pro.js?ver=wpvivid-imgoptim/admin/js/wpvivid-imgoptim-common.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpvivid-imgoptim-tablewpvivid-imgoptim-settings-page
HTML Comments
<!-- WPvivid Image Optimization --><!-- WPvivid Image Optimization Pro --><!-- WPvivid Image Optimization Settings --><!-- WPvivid Image Optimization Pro Settings -->
Data Attributes
data-wpvivid-imgoptim-action
JS Globals
wpvivid_imgoptim_ajax_urlwpvivid_imgoptim_noncewpvivid_imgoptim_settings_noncewpvivid_imgoptim_pro_ajax_urlwpvivid_imgoptim_pro_nonce
REST Endpoints
/wp-json/wpvivid-imgoptim/v1/optimize/wp-json/wpvivid-imgoptim/v1/settings
FAQ

Frequently Asked Questions about Compress, Resize & Lazy Load Images – WPvivid Image Optimization